As far as I understand, prior to decrypting packets you have to generate session keys as explained in RFC5764 p.4.2 and RFC 5705. To implement the extraction method described in RFC 5705 you can leverage your existing TElDTLSClient descendant to call protected methods of TElDTLSClient. The PRF() function referred to in RFC 5705 is implemented in the TLS1PRF() method.

While all encryption building blocks are implemented and available in SBB, it looks like SRTP uses its own encryption schemes (e.g. AES128-CM) based on CTR mode, explained in RFC 3711. As those schemes are SRTP-specific, you will need to implement them by yourself. You can use TElSymmetricCrypto (AES encryption) and TElHashFunction (HMAC functions) components to implement the SRTP scheme.

I got the session keys, i am trying to use the TElSymmetricCrypto class and i have these questions:

To decrypt the audio i am getting the RTP payload. This is correct?

AES256 cypher needs the input message to be multiple of 16. But RTP payload is 164 bytes.
To do that the payload have a multiple of 16, i am putting a zeroed buffer padding of 12 bytes before the payload.
What is the correct way to put the padding? after or before?

For creating an instance of the TElSymmetricCrypto class, i need to set the cipher suite (in my case is TLS_RSA_WITH_AES_256_CBC_SHA). What constant define this cipher suite in the library? And what TSBSymmetricCryptoMode should I pass to TElSymmetricCrypto CreateInstance?

As the RFC 3711 p.3.3, i follow the section that indicates how to proceed to decrypt SRTP.
In other post you answered me where is the master key.
Do you know where is the master salt (to use like IV) in the DTLS object?

As far as I understand SRTP (and I can hardly call myself an expert in it without looking further into the spec), you use the single DTLS master secret to generate the whole set of SRTP keys and IVs. There is no such parameter as master salt in DTLS, and you don't need it - every keys you need for SRTP purposes are [supposedly] derived from the master key.

On a side note, I am afraid your questions have gone far beyond the scope of basic technical support that we can provide free of charge. We could probably have a deeper look into SRTP and come up with some further advice for you, but this can only be done on a paid basis. Sorry.

We use cookies to help provide you with the best possible online experience. By using this site, you agree that we may store and access cookies on your device. You can find out more about and set your own preferences here.